Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 108s
max time network: 119s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 05/08/2024, 07:47
Static task: static1
Behavioral task: behavioral1
  Sample: 67d28588acd32fa9cfdc06fbce35b070N.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 67d28588acd32fa9cfdc06fbce35b070N.exe
  Resource: win10v2004-20240802-en
General
Target: 67d28588acd32fa9cfdc06fbce35b070N.exe
Size: 77KB
MD5: 67d28588acd32fa9cfdc06fbce35b070
SHA1: 4f0ffba70a0bd1eda260f7798c864621d8a7f3bf
SHA256: 632248ef0a282df697529b4e7c05fa40784ee9b26de3ca182e6f193306014256
SHA512: 6912aadbe01b49b754e88061b9d7fd84426254596d7e58fe09a753723b0068e63fc50096da3dfb5557f2b02f20594adc9225c1f15ccd45e201ad2540435d2954
SSDEEP: 1536:X6QFElP6n+gJQMOtEvwDpjBZYTjipvF2bx1sin:X6a+SOtEvwDpjBZYvQd29
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  pid | Process
  2232 | asih.exe
- Loads dropped DLL (1 IoCs)
  pid | Process
  1700 | 67d28588acd32fa9cfdc06fbce35b070N.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- System Location Discovery: System Language Discovery (1 TTPs, 2 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 67d28588acd32fa9cfdc06fbce35b070N.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | asih.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 1700 wrote to memory of 2232 | 1700 | 67d28588acd32fa9cfdc06fbce35b070N.exe | 30
  PID 1700 wrote to memory of 2232 | 1700 | 67d28588acd32fa9cfdc06fbce35b070N.exe | 30
  PID 1700 wrote to memory of 2232 | 1700 | 67d28588acd32fa9cfdc06fbce35b070N.exe | 30
  PID 1700 wrote to memory of 2232 | 1700 | 67d28588acd32fa9cfdc06fbce35b070N.exe | 30
Processes
- C:\Users\Admin\AppData\Local\Temp\67d28588acd32fa9cfdc06fbce35b070N.exe (tree level 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\67d28588acd32fa9cfdc06fbce35b070N.exe"
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID: 1700
  - C:\Users\Admin\AppData\Local\Temp\asih.exe (tree level 2, child of PID 1700)
    Command line: "C:\Users\Admin\AppData\Local\Temp\asih.exe"
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID: 2232
-
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 78KB
  MD5: e8f7327eb27a6e73a577f1253ff56198
  SHA1: fc8df9a227c230cebdcdb54a5d2e69a7d90e74bb
  SHA256: 37a3f99d0f8d1808f84daa4dc79a69490feb3906eb3398cf62aa326257923abf
  SHA512: f522731d33a7b048cd17f8d4bc650b981d26fb58559747eb814e33d9f447c07e22b87e9a70fc92b2ccd9245c93b97254c3cebf95daa0369041290b38fd25b0e8